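-- Split a capture into one file per TLLI: by_tlli/<tlli>.pcap receives every
-- packet on UDP port 23000 in which the bssgp.tlli field is present.
-- (works for tshark only)
-- NOTE(review): the previous header described a by_ip/<ip_address>.cap layout
-- with one dump per source and destination host; that does not match the code
-- below, which keys the dump files on the TLLI.
-- The by_tlli directory is not created here; presumably it must already exist
-- in the working directory -- confirm before running.
do
    local dir = "by_tlli"
    local gprs_ns_port = 23000
    -- Maps the TLLI display string to its open Dumper.
    -- Every distinct TLLI keeps one dumper (one open file) until tap.reset()
    -- runs, so a capture containing very many TLLIs holds that many files open.
    local dumpers = {}

    local function init_listener()
        -- Decode traffic on the NS-over-UDP port as gprs_ns so that the BSSGP
        -- fields become available to the tap.
        local udp_port_table = DissectorTable.get("udp.port")
        local gprs_ns_dis = Dissector.get("gprs_ns")
        udp_port_table:add(gprs_ns_port, gprs_ns_dis)

        local field_tlli = Field.new("bssgp.tlli")
        local tap = Listener.new("ip", "udp.port == " .. gprs_ns_port)

        -- we will be called once for every IP Header.
        -- If there's more than one IP header in a given packet we'll dump the
        -- packet once per every header
        function tap.packet(pinfo, tvb, ip)
            -- Assigning to a single local keeps only the first value returned
            -- by the field extractor.
            local tlli = field_tlli()
            if not tlli then
                return
            end

            local tlli_str = tostring(tlli)
            -- 'local' added: the original assigned a global here by accident.
            local tlli_dmp = dumpers[tlli_str]
            if not tlli_dmp then
                print("Creating TLLI " .. tostring(tlli) .. " " .. tlli_str)
                -- The file name is derived from packet content, so keep only
                -- alphanumerics; nothing taken from the capture can then add a
                -- path separator or "..". A numeric TLLI string is unchanged.
                local file_name = tlli_str:gsub("[^%w]", "_")
                tlli_dmp = Dumper.new_for_current(dir .. "/" .. file_name .. ".pcap")
                dumpers[tlli_str] = tlli_dmp
            end
            tlli_dmp:dump_current()
            -- Flushed after every packet, as in the original.
            tlli_dmp:flush()
        end

        -- Flush every open dump file.
        function tap.draw()
            for _, dumper in pairs(dumpers) do
                dumper:flush()
            end
        end

        -- Close every open dump file and forget the TLLIs seen so far.
        function tap.reset()
            for _, dumper in pairs(dumpers) do
                dumper:close()
            end
            dumpers = {}
        end
    end

    init_listener()
end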